diff options
author | Matej Zidek <matejz@google.com> | 2019-07-24 12:53:47 +0100 |
---|---|---|
committer | Matt Zidek <matejz@google.com> | 2019-07-24 13:12:29 +0000 |
commit | de1890b008565fd1eac338c4e427809697639c61 (patch) | |
tree | fe4ed2227e70eab7a9717d6c7a2dcd3156fe4f43 | |
parent | 7ca85d462374f8c4c313df87200ab6a39a3777c7 (diff) | |
download | android-key-attestation-de1890b008565fd1eac338c4e427809697639c61.tar.gz |
Fix Java style and best practices
- fix typos and unnecessary parentheses
- a private method that does not reference the enclosing instance can be static
- use ImmutableSet instead of HashSet
- simplify null checks
- use explicit charset in getBytes()
- use Instant and Duration for time related fields in AuthorizationList
Change-Id: Ia615ae1113efc275b7e7c01cc9a627eb568a7fd3
10 files changed, 188 insertions, 217 deletions
diff --git a/server/README.md b/server/README.md index 7c18add..9cd9c57 100644 --- a/server/README.md +++ b/server/README.md @@ -40,7 +40,7 @@ Pre-requisites -------------- - Up-to-date Java JDK -- [Bouncy Castle Cryptography Java APIs][5] (included as depedency in gradle build configuration). +- [Bouncy Castle Cryptography Java APIs][5] (included as dependency in gradle build configuration). [5]: https://www.bouncycastle.org/java.html diff --git a/server/src/main/java/com/android/example/KeyAttestationExample.java b/server/src/main/java/com/android/example/KeyAttestationExample.java index 14d3b6f..ff29757 100644 --- a/server/src/main/java/com/android/example/KeyAttestationExample.java +++ b/server/src/main/java/com/android/example/KeyAttestationExample.java @@ -34,9 +34,7 @@ import java.security.SignatureException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; -import java.time.Instant; import java.util.Arrays; -import java.util.Date; import java.util.List; import java.util.Optional; import java.util.stream.Collectors; @@ -72,12 +70,11 @@ import org.bouncycastle.util.encoders.Base64; @SuppressWarnings("OptionalUsedAsFieldOrParameterType") public class KeyAttestationExample { - private static final String CERT_FILES_DIR = "examples/pem/algorithm_EC_SecurityLevel_StrongBox"; public static void main(String[] args) throws CertificateException, IOException, NoSuchProviderException, NoSuchAlgorithmException, - InvalidKeyException, SignatureException { + InvalidKeyException, SignatureException { X509Certificate[] certs; if (args.length == 1) { String certFilesDir = args[0]; @@ -121,41 +118,41 @@ public class KeyAttestationExample { printOptional(authorizationList.ecCurve, indent + "EC Curve"); printOptional(authorizationList.rsaPublicExponent, indent + "RSA Public Exponent"); System.out.println(indent + "Rollback Resistance: " + authorizationList.rollbackResistance); - printOptionalDateTime(authorizationList.activeDateTime, indent + "Active DateTime"); - printOptionalDateTime(authorizationList.originationExpireDateTime, - indent + "Origination Expire DateTime"); - printOptionalDateTime(authorizationList.usageExpireDateTime, indent + "Usage Expire DateTime"); + printOptional(authorizationList.activeDateTime, indent + "Active DateTime"); + printOptional( + authorizationList.originationExpireDateTime, indent + "Origination Expire DateTime"); + printOptional(authorizationList.usageExpireDateTime, indent + "Usage Expire DateTime"); System.out.println(indent + "No Auth Required: " + authorizationList.noAuthRequired); printOptional(authorizationList.userAuthType, indent + "User Auth Type"); printOptional(authorizationList.authTimeout, indent + "Auth Timeout"); System.out.println(indent + "Allow While On Body: " + authorizationList.allowWhileOnBody); - System.out - .println(indent + "Trusted User Presence Required: " + System.out.println( + indent + + "Trusted User Presence Required: " + authorizationList.trustedUserPresenceRequired); - System.out - .println(indent + "Trusted Confirmation Required: " - + authorizationList.trustedConfirmationRequired); - System.out - .println(indent + "Unlocked Device Required: " + authorizationList.unlockedDeviceRequired); + System.out.println( + indent + "Trusted Confirmation Required: " + authorizationList.trustedConfirmationRequired); + System.out.println( + indent + "Unlocked Device Required: " + authorizationList.unlockedDeviceRequired); System.out.println(indent + "All Applications: " + authorizationList.allApplications); printOptional(authorizationList.applicationId, indent + "Application ID"); - printOptionalDateTime(authorizationList.creationDateTime, indent + "Creation DateTime"); + printOptional(authorizationList.creationDateTime, indent + "Creation DateTime"); printOptional(authorizationList.origin, indent + "Origin"); System.out.println(indent + "Rollback Resistant: " + authorizationList.rollbackResistant); System.out.println(indent + "Root Of Trust:"); printRootOfTrust(authorizationList.rootOfTrust, indent + "\t"); printOptional(authorizationList.osVersion, indent + "OS Version"); printOptional(authorizationList.osPatchLevel, indent + "OS Patch Level"); - printOptional(authorizationList.attestationApplicationId, - indent + "Attestation Application ID"); + printOptional( + authorizationList.attestationApplicationId, indent + "Attestation Application ID"); printOptional(authorizationList.attestationIdBrand, indent + "Attestation ID Brand"); printOptional(authorizationList.attestationIdDevice, indent + "Attestation ID Device"); printOptional(authorizationList.attestationIdProduct, indent + "Attestation ID Product"); printOptional(authorizationList.attestationIdSerial, indent + "Attestation ID Serial"); printOptional(authorizationList.attestationIdImei, indent + "Attestation ID IMEI"); printOptional(authorizationList.attestationIdMeid, indent + "Attestation ID MEID"); - printOptional(authorizationList.attestationIdManufacturer, - indent + "Attestation ID Manufacturer"); + printOptional( + authorizationList.attestationIdManufacturer, indent + "Attestation ID Manufacturer"); printOptional(authorizationList.attestationIdModel, indent + "Attestation ID Model"); printOptional(authorizationList.vendorPatchLevel, indent + "Vendor Patch Level"); printOptional(authorizationList.bootPatchLevel, indent + "Boot Patch Level"); @@ -164,14 +161,16 @@ public class KeyAttestationExample { private static void printRootOfTrust(Optional<RootOfTrust> rootOfTrust, String indent) { if (rootOfTrust.isPresent()) { System.out.println( - indent + "Verified Boot Key: " + Base64 - .toBase64String(rootOfTrust.get().verifiedBootKey)); + indent + + "Verified Boot Key: " + + Base64.toBase64String(rootOfTrust.get().verifiedBootKey)); System.out.println(indent + "Device Locked: " + rootOfTrust.get().deviceLocked); - System.out - .println(indent + "Verified Boot State: " + rootOfTrust.get().verifiedBootState.name()); System.out.println( - indent + "Verified Boot Hash: " + Base64 - .toBase64String(rootOfTrust.get().verifiedBootHash)); + indent + "Verified Boot State: " + rootOfTrust.get().verifiedBootState.name()); + System.out.println( + indent + + "Verified Boot Hash: " + + Base64.toBase64String(rootOfTrust.get().verifiedBootHash)); } } @@ -185,15 +184,9 @@ public class KeyAttestationExample { } } - private static void printOptionalDateTime(Optional<Long> dateTime, String caption) { - dateTime.ifPresent(integer -> System.out.println( - caption + ": " + Date - .from(Instant.ofEpochMilli(integer)))); - } - private static void verifyCertificateChain(X509Certificate[] certs) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, - NoSuchProviderException, SignatureException { + NoSuchProviderException, SignatureException { for (int i = 1; i < certs.length; ++i) { // Verify that the certificate has not expired. certs[i].checkValidity(); diff --git a/server/src/main/java/com/google/android/attestation/ASN1Parsing.java b/server/src/main/java/com/google/android/attestation/ASN1Parsing.java index 8f9308d..1735822 100644 --- a/server/src/main/java/com/google/android/attestation/ASN1Parsing.java +++ b/server/src/main/java/com/google/android/attestation/ASN1Parsing.java @@ -20,9 +20,7 @@ import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Enumerated; import org.bouncycastle.asn1.ASN1Integer; -/** - * Utils to get java representation of ASN1 types. - */ +/** Utils to get java representation of ASN1 types. */ class ASN1Parsing { static boolean getBooleanFromAsn1(ASN1Encodable asn1Value) { diff --git a/server/src/main/java/com/google/android/attestation/AuthorizationList.java b/server/src/main/java/com/google/android/attestation/AuthorizationList.java index a768a33..052fcfa 100644 --- a/server/src/main/java/com/google/android/attestation/AuthorizationList.java +++ b/server/src/main/java/com/google/android/attestation/AuthorizationList.java @@ -53,6 +53,8 @@ import static com.google.android.attestation.Constants.KM_TAG_USAGE_EXPIRE_DATE_ import static com.google.android.attestation.Constants.KM_TAG_USER_AUTH_TYPE; import static com.google.android.attestation.Constants.KM_TAG_VENDOR_PATCH_LEVEL; +import java.time.Duration; +import java.time.Instant; import java.util.HashMap; import java.util.HashSet; import java.util.Map; @@ -82,19 +84,19 @@ public class AuthorizationList { public final Optional<Integer> ecCurve; public final Optional<Long> rsaPublicExponent; public final boolean rollbackResistance; - public final Optional<Long> activeDateTime; - public final Optional<Long> originationExpireDateTime; - public final Optional<Long> usageExpireDateTime; + public final Optional<Instant> activeDateTime; + public final Optional<Instant> originationExpireDateTime; + public final Optional<Instant> usageExpireDateTime; public final boolean noAuthRequired; public final Optional<Integer> userAuthType; - public final Optional<Integer> authTimeout; + public final Optional<Duration> authTimeout; public final boolean allowWhileOnBody; public final boolean trustedUserPresenceRequired; public final boolean trustedConfirmationRequired; public final boolean unlockedDeviceRequired; public final boolean allApplications; public final Optional<byte[]> applicationId; - public final Optional<Long> creationDateTime; + public final Optional<Instant> creationDateTime; public final Optional<Integer> origin; public final boolean rollbackResistant; public final Optional<RootOfTrust> rootOfTrust; @@ -115,30 +117,29 @@ public class AuthorizationList { private AuthorizationList(ASN1Encodable[] authorizationList) { Map<Integer, ASN1Primitive> authorizationMap = getAuthorizationMap(authorizationList); this.purpose = findOptionalIntegerSetAuthorizationListEntry(authorizationMap, KM_TAG_PURPOSE); - this.algorithm = - findOptionalIntegerAuthorizationListEntry(authorizationMap, (KM_TAG_ALGORITHM)); - this.keySize = findOptionalIntegerAuthorizationListEntry(authorizationMap, (KM_TAG_KEY_SIZE)); + this.algorithm = findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_ALGORITHM); + this.keySize = findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_KEY_SIZE); this.digest = findOptionalIntegerSetAuthorizationListEntry(authorizationMap, KM_TAG_DIGEST); this.padding = findOptionalIntegerSetAuthorizationListEntry(authorizationMap, KM_TAG_PADDING); - this.ecCurve = findOptionalIntegerAuthorizationListEntry(authorizationMap, (KM_TAG_EC_CURVE)); + this.ecCurve = findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_EC_CURVE); this.rsaPublicExponent = - findOptionalLongAuthorizationListEntry(authorizationMap, (KM_TAG_RSA_PUBLIC_EXPONENT)); + findOptionalLongAuthorizationListEntry(authorizationMap, KM_TAG_RSA_PUBLIC_EXPONENT); this.rollbackResistance = findBooleanAuthorizationListEntry(authorizationMap, KM_TAG_ROLLBACK_RESISTANCE); this.activeDateTime = - findOptionalLongAuthorizationListEntry(authorizationMap, (KM_TAG_ACTIVE_DATE_TIME)); + findOptionalInstantMillisAuthorizationListEntry(authorizationMap, KM_TAG_ACTIVE_DATE_TIME); this.originationExpireDateTime = - findOptionalLongAuthorizationListEntry( - authorizationMap, (KM_TAG_ORIGINATION_EXPIRE_DATE_TIME)); + findOptionalInstantMillisAuthorizationListEntry( + authorizationMap, KM_TAG_ORIGINATION_EXPIRE_DATE_TIME); this.usageExpireDateTime = - findOptionalLongAuthorizationListEntry( - authorizationMap, (KM_TAG_USAGE_EXPIRE_DATE_TIME)); + findOptionalInstantMillisAuthorizationListEntry( + authorizationMap, KM_TAG_USAGE_EXPIRE_DATE_TIME); this.noAuthRequired = findBooleanAuthorizationListEntry(authorizationMap, KM_TAG_NO_AUTH_REQUIRED); this.userAuthType = - findOptionalIntegerAuthorizationListEntry(authorizationMap, (KM_TAG_USER_AUTH_TYPE)); + findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_USER_AUTH_TYPE); this.authTimeout = - findOptionalIntegerAuthorizationListEntry(authorizationMap, (KM_TAG_AUTH_TIMEOUT)); + findOptionalDurationSecondsAuthorizationListEntry(authorizationMap, KM_TAG_AUTH_TIMEOUT); this.allowWhileOnBody = findBooleanAuthorizationListEntry(authorizationMap, KM_TAG_ALLOW_WHILE_ON_BODY); this.trustedUserPresenceRequired = @@ -150,56 +151,48 @@ public class AuthorizationList { this.allApplications = findBooleanAuthorizationListEntry(authorizationMap, KM_TAG_ALL_APPLICATIONS); this.applicationId = - findOptionalByteArrayAuthorizationListEntry(authorizationMap, (KM_TAG_APPLICATION_ID)); + findOptionalByteArrayAuthorizationListEntry(authorizationMap, KM_TAG_APPLICATION_ID); this.creationDateTime = - findOptionalLongAuthorizationListEntry(authorizationMap, (KM_TAG_CREATION_DATE_TIME)); - this.origin = findOptionalIntegerAuthorizationListEntry(authorizationMap, (KM_TAG_ORIGIN)); + findOptionalInstantMillisAuthorizationListEntry( + authorizationMap, KM_TAG_CREATION_DATE_TIME); + this.origin = findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_ORIGIN); this.rollbackResistant = findBooleanAuthorizationListEntry(authorizationMap, KM_TAG_ROLLBACK_RESISTANT); this.rootOfTrust = Optional.ofNullable( RootOfTrust.createRootOfTrust( - (ASN1Sequence) - findAuthorizationListEntry(authorizationMap, KM_TAG_ROOT_OF_TRUST))); - this.osVersion = - findOptionalIntegerAuthorizationListEntry(authorizationMap, (KM_TAG_OS_VERSION)); + (ASN1Sequence) findAuthorizationListEntry(authorizationMap, KM_TAG_ROOT_OF_TRUST))); + this.osVersion = findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_OS_VERSION); this.osPatchLevel = - findOptionalIntegerAuthorizationListEntry(authorizationMap, (KM_TAG_OS_PATCH_LEVEL)); + findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_OS_PATCH_LEVEL); this.attestationApplicationId = findOptionalByteArrayAuthorizationListEntry( - authorizationMap, (KM_TAG_ATTESTATION_APPLICATION_ID)); + authorizationMap, KM_TAG_ATTESTATION_APPLICATION_ID); this.attestationIdBrand = - findOptionalByteArrayAuthorizationListEntry( - authorizationMap, (KM_TAG_ATTESTATION_ID_BRAND)); + findOptionalByteArrayAuthorizationListEntry(authorizationMap, KM_TAG_ATTESTATION_ID_BRAND); this.attestationIdDevice = - findOptionalByteArrayAuthorizationListEntry( - authorizationMap, (KM_TAG_ATTESTATION_ID_DEVICE)); + findOptionalByteArrayAuthorizationListEntry(authorizationMap, KM_TAG_ATTESTATION_ID_DEVICE); this.attestationIdProduct = findOptionalByteArrayAuthorizationListEntry( - authorizationMap, (KM_TAG_ATTESTATION_ID_PRODUCT)); + authorizationMap, KM_TAG_ATTESTATION_ID_PRODUCT); this.attestationIdSerial = - findOptionalByteArrayAuthorizationListEntry( - authorizationMap, (KM_TAG_ATTESTATION_ID_SERIAL)); + findOptionalByteArrayAuthorizationListEntry(authorizationMap, KM_TAG_ATTESTATION_ID_SERIAL); this.attestationIdImei = - findOptionalByteArrayAuthorizationListEntry( - authorizationMap, (KM_TAG_ATTESTATION_ID_IMEI)); + findOptionalByteArrayAuthorizationListEntry(authorizationMap, KM_TAG_ATTESTATION_ID_IMEI); this.attestationIdMeid = - findOptionalByteArrayAuthorizationListEntry( - authorizationMap, (KM_TAG_ATTESTATION_ID_MEID)); + findOptionalByteArrayAuthorizationListEntry(authorizationMap, KM_TAG_ATTESTATION_ID_MEID); this.attestationIdManufacturer = findOptionalByteArrayAuthorizationListEntry( - authorizationMap, (KM_TAG_ATTESTATION_ID_MANUFACTURER)); + authorizationMap, KM_TAG_ATTESTATION_ID_MANUFACTURER); this.attestationIdModel = - findOptionalByteArrayAuthorizationListEntry( - authorizationMap, (KM_TAG_ATTESTATION_ID_MODEL)); + findOptionalByteArrayAuthorizationListEntry(authorizationMap, KM_TAG_ATTESTATION_ID_MODEL); this.vendorPatchLevel = - findOptionalIntegerAuthorizationListEntry(authorizationMap, (KM_TAG_VENDOR_PATCH_LEVEL)); + findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_VENDOR_PATCH_LEVEL); this.bootPatchLevel = - findOptionalIntegerAuthorizationListEntry(authorizationMap, (KM_TAG_BOOT_PATCH_LEVEL)); + findOptionalIntegerAuthorizationListEntry(authorizationMap, KM_TAG_BOOT_PATCH_LEVEL); } - static AuthorizationList createAuthorizationList( - ASN1Encodable[] authorizationList) { + static AuthorizationList createAuthorizationList(ASN1Encodable[] authorizationList) { return new AuthorizationList(authorizationList); } @@ -231,22 +224,28 @@ public class AuthorizationList { return Optional.of(entrySet); } + private static Optional<Duration> findOptionalDurationSecondsAuthorizationListEntry( + Map<Integer, ASN1Primitive> authorizationMap, int tag) { + Optional<Integer> seconds = findOptionalIntegerAuthorizationListEntry(authorizationMap, tag); + return seconds.map(Duration::ofSeconds); + } + private static Optional<Integer> findOptionalIntegerAuthorizationListEntry( Map<Integer, ASN1Primitive> authorizationMap, int tag) { ASN1Primitive entry = findAuthorizationListEntry(authorizationMap, tag); - if (entry == null) { - return Optional.empty(); - } - return Optional.of(ASN1Parsing.getIntegerFromAsn1(entry)); + return Optional.ofNullable(entry).map(ASN1Parsing::getIntegerFromAsn1); + } + + private static Optional<Instant> findOptionalInstantMillisAuthorizationListEntry( + Map<Integer, ASN1Primitive> authorizationMap, int tag) { + Optional<Long> millis = findOptionalLongAuthorizationListEntry(authorizationMap, tag); + return millis.map(Instant::ofEpochMilli); } private static Optional<Long> findOptionalLongAuthorizationListEntry( Map<Integer, ASN1Primitive> authorizationMap, int tag) { ASN1Integer longEntry = ((ASN1Integer) findAuthorizationListEntry(authorizationMap, tag)); - if (longEntry == null) { - return Optional.empty(); - } - return Optional.of(longEntry.getValue().longValue()); + return Optional.ofNullable(longEntry).map(value -> value.getValue().longValue()); } private static boolean findBooleanAuthorizationListEntry( @@ -257,9 +256,6 @@ public class AuthorizationList { private static Optional<byte[]> findOptionalByteArrayAuthorizationListEntry( Map<Integer, ASN1Primitive> authorizationMap, int tag) { ASN1OctetString entry = (ASN1OctetString) findAuthorizationListEntry(authorizationMap, tag); - if (entry == null) { - return Optional.empty(); - } - return Optional.of(entry.getOctets()); + return Optional.ofNullable(entry).map(ASN1OctetString::getOctets); } } diff --git a/server/src/main/java/com/google/android/attestation/Constants.java b/server/src/main/java/com/google/android/attestation/Constants.java index 99ae6a7..10e9538 100644 --- a/server/src/main/java/com/google/android/attestation/Constants.java +++ b/server/src/main/java/com/google/android/attestation/Constants.java @@ -15,13 +15,46 @@ package com.google.android.attestation; -/** - * Key Attestation constants - */ +/** Key Attestation constants */ public class Constants { + // The Google root certificate that must have been used to sign the root + // certificate in a real attestation certificate chain from a compliant + // device. + // (Note, the sample chain used here is not signed with this certificate.) + public static final String GOOGLE_ROOT_CERTIFICATE = + "-----BEGIN CERTIFICATE-----\n" + + "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV" + + "BAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYy" + + "ODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B" + + "AQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS" + + "Sxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7" + + "tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj" + + "nar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq" + + "C4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ" + + "oVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O" + + "JtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg" + + "sTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi" + + "igHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M" + + "RPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E" + + "aDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um" + + "AGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYD" + + "VR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAO" + + "BgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lk" + + "Lmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQAD" + + "ggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfB" + + "Pb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00m" + + "qC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rY" + + "DBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPm" + + "QUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4u" + + "JU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyD" + + "CdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79Iy" + + "ZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxD" + + "qwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23Uaic" + + "MDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1" + + "wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk\n" + + "-----END CERTIFICATE-----"; static final String KEY_DESCRIPTION_OID = "1.3.6.1.4.1.11129.2.1.17"; - static final int ATTESTATION_VERSION_INDEX = 0; static final int ATTESTATION_SECURITY_LEVEL_INDEX = 1; static final int KEYMASTER_VERSION_INDEX = 2; @@ -30,7 +63,6 @@ public class Constants { static final int UNIQUE_ID_INDEX = 5; static final int SW_ENFORCED_INDEX = 6; static final int TEE_ENFORCED_INDEX = 7; - // Authorization list tags. The list is in this AOSP file: // hardware/libhardware/include/hardware/keymaster_defs.h static final int KM_TAG_PURPOSE = 1; @@ -70,57 +102,17 @@ public class Constants { static final int KM_TAG_ATTESTATION_ID_MODEL = 717; static final int KM_TAG_VENDOR_PATCH_LEVEL = 718; static final int KM_TAG_BOOT_PATCH_LEVEL = 719; - static final int ROOT_OF_TRUST_VERIFIED_BOOT_KEY_INDEX = 0; static final int ROOT_OF_TRUST_DEVICE_LOCKED_INDEX = 1; static final int ROOT_OF_TRUST_VERIFIED_BOOT_STATE_INDEX = 2; static final int ROOT_OF_TRUST_VERIFIED_BOOT_HASH_INDEX = 3; - // Some security values. The complete list is in this AOSP file: // hardware/libhardware/include/hardware/keymaster_defs.h static final int KM_SECURITY_LEVEL_SOFTWARE = 0; static final int KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT = 1; static final int KM_SECURITY_LEVEL_STRONG_BOX = 2; - static final int KM_VERIFIED_BOOT_STATE_VERIFIED = 0; static final int KM_VERIFIED_BOOT_STATE_SELF_SIGNED = 1; static final int KM_VERIFIED_BOOT_STATE_UNVERIFIED = 2; static final int KM_VERIFIED_BOOT_STATE_FAILED = 3; - - // The Google root certificate that must have been used to sign the root - // certificate in a real attestation certificate chain from a compliant - // device. - // (Note, the sample chain used here is not signed with this certificate.) - public static final String GOOGLE_ROOT_CERTIFICATE = - "-----BEGIN CERTIFICATE-----\n" - + "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV" - + "BAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYy" - + "ODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B" - + "AQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS" - + "Sxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7" - + "tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj" - + "nar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq" - + "C4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ" - + "oVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O" - + "JtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg" - + "sTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi" - + "igHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M" - + "RPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E" - + "aDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um" - + "AGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYD" - + "VR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAO" - + "BgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lk" - + "Lmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQAD" - + "ggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfB" - + "Pb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00m" - + "qC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rY" - + "DBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPm" - + "QUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4u" - + "JU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyD" - + "CdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79Iy" - + "ZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxD" - + "qwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23Uaic" - + "MDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1" - + "wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk\n" - + "-----END CERTIFICATE-----"; } diff --git a/server/src/main/java/com/google/android/attestation/ParsedAttestationRecord.java b/server/src/main/java/com/google/android/attestation/ParsedAttestationRecord.java index e1bf981..372c360 100644 --- a/server/src/main/java/com/google/android/attestation/ParsedAttestationRecord.java +++ b/server/src/main/java/com/google/android/attestation/ParsedAttestationRecord.java @@ -34,9 +34,7 @@ import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Sequence; -/** - * Java representation of Key Attestation extension data. - */ +/** Java representation of Key Attestation extension data. */ public class ParsedAttestationRecord { public final int attestationVersion; diff --git a/server/src/main/java/com/google/android/attestation/RootOfTrust.java b/server/src/main/java/com/google/android/attestation/RootOfTrust.java index e32b87b..c086e03 100644 --- a/server/src/main/java/com/google/android/attestation/RootOfTrust.java +++ b/server/src/main/java/com/google/android/attestation/RootOfTrust.java @@ -27,9 +27,7 @@ import static com.google.android.attestation.Constants.ROOT_OF_TRUST_VERIFIED_BO import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Sequence; -/** - * This collection of values defines key information about the device's status. - */ +/** This collection of values defines key information about the device's status. */ public class RootOfTrust { public final byte[] verifiedBootKey; @@ -45,7 +43,8 @@ public class RootOfTrust { ASN1Parsing.getBooleanFromAsn1(rootOfTrust.getObjectAt(ROOT_OF_TRUST_DEVICE_LOCKED_INDEX)); this.verifiedBootState = rootOfTrustToEnum( - ASN1Parsing.getIntegerFromAsn1(rootOfTrust.getObjectAt(ROOT_OF_TRUST_VERIFIED_BOOT_STATE_INDEX))); + ASN1Parsing.getIntegerFromAsn1( + rootOfTrust.getObjectAt(ROOT_OF_TRUST_VERIFIED_BOOT_STATE_INDEX))); this.verifiedBootHash = ((ASN1OctetString) rootOfTrust.getObjectAt(ROOT_OF_TRUST_VERIFIED_BOOT_HASH_INDEX)) .getOctets(); diff --git a/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java b/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java index fa40e5c..1e8c009 100644 --- a/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java +++ b/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java @@ -15,15 +15,12 @@ package com.google.android.attestation; - import static com.google.common.truth.Truth.assertThat; import static com.google.common.truth.Truth8.assertThat; +import com.google.common.collect.ImmutableSet; import java.io.IOException; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; +import java.time.Instant; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.util.encoders.Base64; @@ -31,14 +28,12 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -/** - * Test for {@link AuthorizationList}. - */ +/** Test for {@link AuthorizationList}. */ @RunWith(JUnit4.class) public class AuthorizationListTest { // Generated from certificate with RSA Algorithm and StrongBox Security Level - private static final String SW_ENFORCED_EXTENSTION_DATA = + private static final String SW_ENFORCED_EXTENSION_DATA = "MIIBzb+FPQgCBgFr9iKgzL+FRYIBuwSCAbcwggGzMYIBizAMBAdhbmRyb2lkAgEdMBkEFGNvbS5hbmRyb2lkLmtleWNo" + "YWluAgEdMBkEFGNvbS5hbmRyb2lkLnNldHRpbmdzAgEdMBkEFGNvbS5xdGkuZGlhZ3NlcnZpY2VzAgEdMBoEFW" + "NvbS5hbmRyb2lkLmR5bnN5c3RlbQIBHTAdBBhjb20uYW5kcm9pZC5pbnB1dGRldmljZXMCAR0wHwQaY29tLmFu" @@ -47,7 +42,7 @@ public class AuthorizationListTest { + "bS5nb29nbGUuU1NSZXN0YXJ0RGV0ZWN0b3ICAR0wIgQdY29tLmdvb2dsZS5hbmRyb2lkLmhpZGRlbm1lbnUCAQ" + "EwIwQeY29tLmFuZHJvaWQucHJvdmlkZXJzLnNldHRpbmdzAgEdMSIEIDAao8sIETRQHEXxQiq8ZsJCJP1d7V/c" + "jxfmlxdv2Gaq"; - private static final String TEE_ENFORCED_EXTENSTION_DATA = + private static final String TEE_ENFORCED_EXTENSION_DATA = "MIGwoQgxBgIBAgIBA6IDAgEBowQCAggApQUxAwIBBKYIMQYCAQMCAQW/gUgFAgMBAAG/g3cCBQC/hT4DAgEAv4VATDBK" + "BCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAAoBAgQgco2xJ08fHPFXHeQ4CwSKVUrEo4Dnb1" + "NVCDUpCEqTeAG/hUEDAgEAv4VCBQIDAxSzv4VOBgIEATQV8b+FTwYCBAE0Few="; @@ -62,25 +57,27 @@ public class AuthorizationListTest { private static final int PADDING_RSA_1_5_SIGN = 5; private static final int ORIGIN_GENERATED = 0; - // Monday, 15 July 2019 14:56:32.972 - private static final Long EXPECTED_SW_CREATION_DATETIME = 1563202592972L; - private static final byte[] EXPECTED_SW_ATTESTATION_APPLICATION_ID = Base64.decode( - "MIIBszGCAYswDAQHYW5kcm9pZAIBHTAZBBRjb20uYW5kcm9pZC5rZXljaGFpbgIBHTAZBBRjb20uYW5kcm9pZC5zZXR0" - + "aW5ncwIBHTAZBBRjb20ucXRpLmRpYWdzZXJ2aWNlcwIBHTAaBBVjb20uYW5kcm9pZC5keW5zeXN0ZW0CAR0wHQ" - + "QYY29tLmFuZHJvaWQuaW5wdXRkZXZpY2VzAgEdMB8EGmNvbS5hbmRyb2lkLmxvY2FsdHJhbnNwb3J0AgEdMB8E" - + "GmNvbS5hbmRyb2lkLmxvY2F0aW9uLmZ1c2VkAgEdMB8EGmNvbS5hbmRyb2lkLnNlcnZlci50ZWxlY29tAgEdMC" - + "AEG2NvbS5hbmRyb2lkLndhbGxwYXBlcmJhY2t1cAIBHTAhBBxjb20uZ29vZ2xlLlNTUmVzdGFydERldGVjdG9y" - + "AgEdMCIEHWNvbS5nb29nbGUuYW5kcm9pZC5oaWRkZW5tZW51AgEBMCMEHmNvbS5hbmRyb2lkLnByb3ZpZGVycy" - + "5zZXR0aW5ncwIBHTEiBCAwGqPLCBE0UBxF8UIqvGbCQiT9Xe1f3I8X5pcXb9hmqg=="); + // 2019-07-15T14:56:32.972Z + private static final Instant EXPECTED_SW_CREATION_DATETIME = Instant.ofEpochMilli(1563202592972L); + private static final byte[] EXPECTED_SW_ATTESTATION_APPLICATION_ID = + Base64.decode( + "MIIBszGCAYswDAQHYW5kcm9pZAIBHTAZBBRjb20uYW5kcm9pZC5rZXljaGFpbgIBHTAZBBRjb20uYW5kcm9pZC5z" + + "ZXR0aW5ncwIBHTAZBBRjb20ucXRpLmRpYWdzZXJ2aWNlcwIBHTAaBBVjb20uYW5kcm9pZC5keW5zeXN0ZW" + + "0CAR0wHQQYY29tLmFuZHJvaWQuaW5wdXRkZXZpY2VzAgEdMB8EGmNvbS5hbmRyb2lkLmxvY2FsdHJhbnNw" + + "b3J0AgEdMB8EGmNvbS5hbmRyb2lkLmxvY2F0aW9uLmZ1c2VkAgEdMB8EGmNvbS5hbmRyb2lkLnNlcnZlci" + + "50ZWxlY29tAgEdMCAEG2NvbS5hbmRyb2lkLndhbGxwYXBlcmJhY2t1cAIBHTAhBBxjb20uZ29vZ2xlLlNT" + + "UmVzdGFydERldGVjdG9yAgEdMCIEHWNvbS5nb29nbGUuYW5kcm9pZC5oaWRkZW5tZW51AgEBMCMEHmNvbS" + + "5hbmRyb2lkLnByb3ZpZGVycy5zZXR0aW5ncwIBHTEiBCAwGqPLCBE0UBxF8UIqvGbCQiT9Xe1f3I8X5pcX" + + "b9hmqg=="); - private static final Set<Integer> EXPECTED_TEE_PURPOSE = new HashSet<>( - Arrays.asList(PURPOSE_SIGN, PURPOSE_VERIFY)); + private static final ImmutableSet<Integer> EXPECTED_TEE_PURPOSE = + ImmutableSet.of(PURPOSE_SIGN, PURPOSE_VERIFY); private static final Integer EXPECTED_TEE_ALGORITHM = ALGORITHM_RSA; private static final Integer EXPECTED_TEE_KEY_SIZE = 2048; - private static final Set<Integer> EXPECTED_TEE_DIGEST = new HashSet<>( - Collections.singletonList(DIGEST_SHA_2_256)); - private static final Set<Integer> EXPECTED_TEE_PADDING = new HashSet<>( - Arrays.asList(PADDING_RSA_PSS, PADDING_RSA_1_5_SIGN)); + private static final ImmutableSet<Integer> EXPECTED_TEE_DIGEST = + ImmutableSet.of(DIGEST_SHA_2_256); + private static final ImmutableSet<Integer> EXPECTED_TEE_PADDING = + ImmutableSet.of(PADDING_RSA_PSS, PADDING_RSA_1_5_SIGN); private static final Long EXPECTED_TEE_RSA_PUBLIC_COMPONENT = 65537L; private static final Integer EXPECTED_TEE_ORIGIN = ORIGIN_GENERATED; private static final Integer EXPECTED_TEE_OS_VERSION = 0; @@ -88,11 +85,17 @@ public class AuthorizationListTest { private static final Integer EXPECTED_TEE_VENDOR_PATCH_LEVEL = 20190705; private static final Integer EXPECTED_TEE_BOOT_PATCH_LEVEL = 20190700; - @Test - public void testCanParseAuthorizationListFromSwEnforced() + private static ASN1Encodable[] getEncodableAuthorizationList(String extensionData) throws IOException { - AuthorizationList authorizationList = AuthorizationList.createAuthorizationList( - getEncodableAuthorizationList(SW_ENFORCED_EXTENSTION_DATA)); + byte[] extensionDataBytes = Base64.decode(extensionData); + return ((ASN1Sequence) ASN1Sequence.fromByteArray(extensionDataBytes)).toArray(); + } + + @Test + public void testCanParseAuthorizationListFromSwEnforced() throws IOException { + AuthorizationList authorizationList = + AuthorizationList.createAuthorizationList( + getEncodableAuthorizationList(SW_ENFORCED_EXTENSION_DATA)); assertThat(authorizationList.creationDateTime).hasValue(EXPECTED_SW_CREATION_DATETIME); assertThat(authorizationList.rootOfTrust).isEmpty(); @@ -101,10 +104,10 @@ public class AuthorizationListTest { } @Test - public void testCanParseAuthorizationListFromTeeEnforced() - throws IOException { - AuthorizationList authorizationList = AuthorizationList.createAuthorizationList( - getEncodableAuthorizationList(TEE_ENFORCED_EXTENSTION_DATA)); + public void testCanParseAuthorizationListFromTeeEnforced() throws IOException { + AuthorizationList authorizationList = + AuthorizationList.createAuthorizationList( + getEncodableAuthorizationList(TEE_ENFORCED_EXTENSION_DATA)); assertThat(authorizationList.purpose).hasValue(EXPECTED_TEE_PURPOSE); assertThat(authorizationList.algorithm).hasValue(EXPECTED_TEE_ALGORITHM); @@ -120,9 +123,4 @@ public class AuthorizationListTest { assertThat(authorizationList.vendorPatchLevel).hasValue(EXPECTED_TEE_VENDOR_PATCH_LEVEL); assertThat(authorizationList.bootPatchLevel).hasValue(EXPECTED_TEE_BOOT_PATCH_LEVEL); } - - private ASN1Encodable[] getEncodableAuthorizationList(String extensionData) throws IOException { - byte[] extensionDataBytes = Base64.decode(extensionData); - return ((ASN1Sequence) ASN1Sequence.fromByteArray(extensionDataBytes)).toArray(); - } -}
\ No newline at end of file +} diff --git a/server/src/test/java/com/google/android/attestation/ParsedAttestationRecordTest.java b/server/src/test/java/com/google/android/attestation/ParsedAttestationRecordTest.java index 76d1f95..82059b9 100644 --- a/server/src/test/java/com/google/android/attestation/ParsedAttestationRecordTest.java +++ b/server/src/test/java/com/google/android/attestation/ParsedAttestationRecordTest.java @@ -16,6 +16,7 @@ package com.google.android.attestation; import static com.google.common.truth.Truth.assertThat; +import static java.nio.charset.StandardCharsets.UTF_8; import com.google.android.attestation.ParsedAttestationRecord.SecurityLevel; import java.io.ByteArrayInputStream; @@ -27,9 +28,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -/** - * Test for {@link ParsedAttestationRecord}. - */ +/** Test for {@link ParsedAttestationRecord}. */ @RunWith(JUnit4.class) public class ParsedAttestationRecordTest { @@ -67,18 +66,28 @@ public class ParsedAttestationRecordTest { + "-----END CERTIFICATE-----"; private static final int EXPECTED_ATTESTATION_VERSION = 3; - private static final SecurityLevel - EXPECTED_ATTESTATION_SECURITY_LEVEL = SecurityLevel.TRUSTED_ENVIRONMENT; + private static final SecurityLevel EXPECTED_ATTESTATION_SECURITY_LEVEL = + SecurityLevel.TRUSTED_ENVIRONMENT; private static final int EXPECTED_KEYMASTER_VERSION = 4; - private static final SecurityLevel EXPECTED_KEYMASTER_SECURITY_LEVEL = SecurityLevel.TRUSTED_ENVIRONMENT; - private static final byte[] EXPECTED_ATTESTATION_CHALLENGE = "abc".getBytes(); - private static final byte[] EXPECTED_UNIQUE_ID = "".getBytes(); + private static final SecurityLevel EXPECTED_KEYMASTER_SECURITY_LEVEL = + SecurityLevel.TRUSTED_ENVIRONMENT; + private static final byte[] EXPECTED_ATTESTATION_CHALLENGE = "abc".getBytes(UTF_8); + private static final byte[] EXPECTED_UNIQUE_ID = "".getBytes(UTF_8); + + private static X509Certificate getAttestationRecord(String certStr) throws CertificateException { + CertificateFactory factory = CertificateFactory.getInstance("X509"); + X509Certificate cert = + (X509Certificate) + factory.generateCertificate(new ByteArrayInputStream(certStr.getBytes(UTF_8))); + cert.checkValidity(); + return cert; + } @Test public void testParseAttestationRecord() throws CertificateException, IOException { X509Certificate x509Certificate = getAttestationRecord(CERT); - ParsedAttestationRecord attestationRecord = ParsedAttestationRecord - .createParsedAttestationRecord(x509Certificate); + ParsedAttestationRecord attestationRecord = + ParsedAttestationRecord.createParsedAttestationRecord(x509Certificate); assertThat(attestationRecord.attestationVersion).isEqualTo(EXPECTED_ATTESTATION_VERSION); assertThat(attestationRecord.attestationSecurityLevel) @@ -91,12 +100,4 @@ public class ParsedAttestationRecordTest { assertThat(attestationRecord.softwareEnforced).isNotNull(); assertThat(attestationRecord.teeEnforced).isNotNull(); } - - private X509Certificate getAttestationRecord(String certStr) throws CertificateException { - CertificateFactory factory = CertificateFactory.getInstance("X509"); - X509Certificate cert = (X509Certificate) factory - .generateCertificate(new ByteArrayInputStream(certStr.getBytes())); - cert.checkValidity(); - return cert; - } } diff --git a/server/src/test/java/com/google/android/attestation/RootOfTrustTest.java b/server/src/test/java/com/google/android/attestation/RootOfTrustTest.java index 732584c..cfa9de7 100644 --- a/server/src/test/java/com/google/android/attestation/RootOfTrustTest.java +++ b/server/src/test/java/com/google/android/attestation/RootOfTrustTest.java @@ -15,7 +15,6 @@ package com.google.android.attestation; - import static com.google.common.truth.Truth.assertThat; import com.google.android.attestation.RootOfTrust.VerifiedBootState; @@ -27,9 +26,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -/** - * Test for {@link RootOfTrust}. - */ +/** Test for {@link RootOfTrust}. */ @RunWith(JUnit4.class) public class RootOfTrustTest { @@ -38,14 +35,18 @@ public class RootOfTrustTest { "MEoEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEACgECBCByjbEnTx8c8Vcd5DgLBIpVSsSjgOdvU1UI" + "NSkISpN4AQ==\n"; - private static final byte[] EXPECTED_VERIFIED_BOOT_KEY = Base64 - .decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="); + private static final byte[] EXPECTED_VERIFIED_BOOT_KEY = + Base64.decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="); private static final boolean EXPECTED_DEVICE_LOCKED = false; private static final VerifiedBootState EXPECTED_VERIFIED_BOOT_STATE = VerifiedBootState.UNVERIFIED; - private static final byte[] EXPECTED_VERIFIED_BOOT_HASH = Base64 - .decode("co2xJ08fHPFXHeQ4CwSKVUrEo4Dnb1NVCDUpCEqTeAE="); + private static final byte[] EXPECTED_VERIFIED_BOOT_HASH = + Base64.decode("co2xJ08fHPFXHeQ4CwSKVUrEo4Dnb1NVCDUpCEqTeAE="); + private static ASN1Sequence getRootOfTrustSequence(String rootOfTrustB64) throws IOException { + byte[] rootOfTrustBytes = Base64.decode(rootOfTrustB64); + return (ASN1Sequence) ASN1Sequence.fromByteArray(rootOfTrustBytes); + } @Test public void testCreateRootOfTrust() throws IOException { @@ -63,9 +64,4 @@ public class RootOfTrustTest { public void testCreateEmptyRootOfTrust() { Truth.assertThat(RootOfTrust.createRootOfTrust(null)).isNull(); } - - private ASN1Sequence getRootOfTrustSequence(String rootOfTrustB64) throws IOException { - byte[] rootOfTrustBytes = Base64.decode(rootOfTrustB64); - return (ASN1Sequence) ASN1Sequence.fromByteArray(rootOfTrustBytes); - } -}
\ No newline at end of file +} |